On 30/06/19 2:32 pm, Mike Golf wrote:
> Hi All,
>
> I've set up a squid proxy server on my PFSense router, is there any way
> of bypassing HTTPS/SSL filtering for certain LAN IPs.

HTTPS is not normally filtered at all. So for that to be happening something must be forcing it - all you have to do is *not* force the filtering or MITM to happen.

* remove any rules in your NAT or routes directing port 443 to the proxy.

* remove any https_port in the proxy for receiving that intercepted traffic

* remove any SSL-Bump config for handling intercepted port 443 traffic or decrypting CONNECT tunnels.

With that all done you will at most be left with clients using the proxy in forward-proxy capacity to open CONNECT tunnels.

> I have IP
> addresses 192.168.1.0-192.168.1.200 allocated through DHCP and I want
> these devices to bypass SSL interception but not the standard HTTP proxy.

Consider: how are those clients using the proxy in the first place? Their method of IP assignment has nothing to do with it.

>
> Since most modern sites use HTTPS by default HTTP caching isn't that
> effective anymore,

That is a deceptive statement, more false than most think. But irrelevant since what you are wanting will prevent HTTPS caching entirely.

> however I want my personal devices to use the SSL
> proxy

Note that SSL protocols both v2 and v3 are obsolete.

Are you asking for:
 a) a TLS explicit proxy, or
 b) a TLS interception proxy, or
 c) a forward-proxy for relaying HTTPS ?

> so I can get the fastest possible browsing experience without
> having to install certificate authorities on my guests' devices which use
> the DHCP range.
>

A proxy is not going to do anything in regards to speed for those clients.

The only way in which you can improve speed with a proxy is by caching of HTTPS content - by avoiding all the re-encrypt delays on every request that can be made a HIT. But that requires those cert installations you are trying to avoid.
Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
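
Added example, not part of the original message or the Squid project's code: a small audit of a squid.conf for the two proxy-side items in the checklist above (an `https_port` receiving intercepted traffic, and SSL-Bump configuration). The sample config, its port numbers and certificate path are constructed, the function name is hypothetical, and NAT or routing rules on the router are outside what it can see.

```python
# Constructed sample squid.conf (not from the thread; ports and path are placeholders).
SAMPLE_CONF = """\
# guest + personal LAN proxy
http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump cert=/etc/squid/example-ca.pem
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
"""

# Port modes that mean the port receives traffic redirected by NAT/TPROXY.
INTERCEPT_FLAGS = {"intercept", "tproxy"}


def find_tls_interception(conf_text):
    """Return (line_no, reason, text) for directives that receive or decrypt TLS."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comment lines
        directive, *args = line.split()
        if directive == "https_port" and INTERCEPT_FLAGS & set(args):
            reason = "https_port receiving intercepted port 443 traffic"
        elif directive in ("http_port", "https_port") and "ssl-bump" in args:
            reason = "listening port with ssl-bump enabled"
        elif directive == "ssl_bump":
            reason = "SSL-Bump rule (action: %s)" % (args[0] if args else "missing")
        else:
            continue  # plain http_port, HTTP-only interception, ACLs, etc.
        findings.append((line_no, reason, line))
    return findings


if __name__ == "__main__":
    for line_no, reason, text in find_tls_interception(SAMPLE_CONF):
        print("line %d: %s -> %s" % (line_no, reason, text))
```

An empty result means the config leaves only plain HTTP handling and forward-proxy CONNECT tunnels; HTTP-only interception (`http_port ... intercept`) is deliberately not reported.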